Illustration: Shutterstock

Cyber security: vulnerability can be turned into an advantage

Tuesday 16 Oct 18

Contact

Lars Ramkilde Knudsen
Professor
DTU Compute
+45 45 25 30 48

Thieving hackers

In 2016, hackers stole almost USD 100 million from the central bank of Bangladesh.


Source: Centre for Cyber Security, Danish Defence Intelligence Service.

Not a rarity in the industry

The European Aviation Safety Agency has reported that aviation systems are exposed to 1,000 cyber attacks a month on average.

Source: The Global Risks Report 2018

Denmark’s position as the most digitalized country in Europe makes us vulnerable to cyber attacks.

But this vulnerability may be turned into an advantage as Denmark has the potential to become the world’s leading cyber security nation.

Internet of Things, big data, blockchain, and cryptocurrency ... These words are all part of the digitization process our society is currently undergoing. They are all evidence of a general trend: We move our valuables and activities from the physical world to the digital world.

Personal data, critical infrastructure, health data, securities, and currency are just some of the many valuables we move.

Denmark is among the countries with the most valuables online, and it makes our society, businesses, and citizens extra vulnerable to hackers.

However, at the same time, this degree of digitization gives Denmark the opportunity to become a pioneer in the development of technologies and methods for withstanding the fastest growing type of crime: cyber attacks.

Digitization makes us vulnerable

Today’s coffee makers come with an app that allows you to brew your morning coffee from your bed. According to an OECD report, the number of household appliances online in the average household has increased from 8 in 2012 to 23 in 2017.

But the many online appliances, tablets, gaming consoles, and smart TVs make us vulnerable to cyber attacks, says cryptologist and cyber security researcher at DTU Compute, Lars Ramkilde Knudsen:

“When everything is connected, hackers have more ways to access and download our valuable information. So even though your phone’s security is tip-top, they can still hack it through one of the less secure apps that you have installed,” he says.

There are many ways to hack a phone or a computer. The operating system is made up of many lines of code that are constantly expanded in different directions when the user installs new software—like an app for the coffee maker.

If just one of these code extensions are not sufficiently secure, a hacker can break in and access parts of the hard drive, intranet, or control system, says Senior Manager Henrik Falkenthros, who works as a so-called ethical hacker for consultant firm BDO. Businesses hire him to hack into their security systems in order to find gaps.

"Ransomware attacks. Cyber crime which aims to extort money from government authorities, businesses, and citizens poses a particular threat"
Centre for Cyber Security, Danish Defence Intelligence Service

“In recent years, there has been a tremendous increase in access points for hackers. Generally speaking, the security level of new online technology is quite low. In order to get in, we just have to find a place where the units are incorrectly connected. And nine times out of ten we are successful,” he says.

This principle applies to all digital systems connected to each other. Nevertheless, the online connection and centralization of computer systems is something that is widely used in Denmark to make the digital transition more user-friendly, but the method is risky.

“What makes our society so vulnerable is that we have centralized almost the whole society through, for example, the central national register and NemID [a personal code card used for many different self-service solutions in Denmark, Ed.]. Through here, so many things that can be hacked at the same time, and the same threat applies to smart devices connected to each other. Centralized data is always more vulnerable than decentralized data,” says Lars Ramkilde Knudsen.

Businesses also feel the consequences of their connecting all of their computer systems. For example, Maersk had to replace 45,000 computers and 4,000 servers last year as due to a virus that affected the entire company logistics network for ten days. The attack resulted in an estimated loss of between EUR 215 million and EUR 255 million.

Immense consequences

There is much to suggest that such cyber attacks will increase in the future. In a new report, the Centre for Cyber Security under the Danish Defence Intelligence Service has estimated the risk of cyber crime in Denmark to be ‘very high’.

“The reason is that there is more valuable information online these days and less risk of being caught” says director of the Centre for Cyber Security, Thomas Lund-Sørensen.

From 2009 to 2016, the number of cyber attacks in Denmark increased by 42 per cent. In the same period, the number of reported burglaries decreased by 8 per cent, according to figures from Statistics Denmark.

The calculations predict that cyber crime will be more common than burglary within the next three years.

Although private citizens are also exposed, government authorities and businesses will see the largest financial and structural implications of the cyber attacks, as was evidenced last year, when more than 150 countries were affected by the so-called WannaCry attack, which is the biggest ransomware attack in the world so far.

The ransomware encrypted the files on all the computers on a network, and the files could only be unlocked through a ransom paid in the form of bitcoins.

Denmark got off relatively easy with only about 300 computers infected in the attack, but large parts of the UK health sector were affected.

“The consequences of a cyber attack can become unmanageable if everything is interconnected. All infrastructure, you car, and your entire home can potentially be hijacked,” says Lars Ramkilde Knudsen.

MAJOR CYBER ATTACKS

Stuxnet, 2010

An attack aimed at the Natanz nuclear plant in Iran. The attack caused a short circuit in the nuclear centrifuges and delayed the Iranian nuclear programme by nearly 18 months. Considered the first modern cyber attack, it opened the eyes of many nations to the use of computer technology as a weapon.

 

Sony Pictures, 2014

A group of hackers leaked confidential information about employees of Sony Pictures in California as well as some undistributed films. The group tried to prevent the distribution of the film ‘The Interview’, which makes fun of North Korean leader Kim Jong-un.

 

WannaCry, 2017

The world’s biggest ransomware attack. Affected computers around the world and encrypted the hard drives of some with a promise to unlock them for a ransom.“Cyber crime which aims to extort money from government authorities, businesses, and citizens poses a particular threat.”

Source: Centre for Cyber Security, Danish Defence Intelligence Service.

Could become a Danish niche
Even though Denmark is especially vulnerable to cyber attacks, our digitization also gives us a head start.

It will make it easier for us to take advantage of this new market for cyber security commercially and create growth, according to the new report ‘The future market for cybersecurity in Denmark’ from Innovation Fund Denmark, prepared by accounting firm Deloitte.

Digitization has generally made Danes more apt at IT than people of other nations.

Our businesses therefore have no problem recruiting employees with the IT competences increasingly in demand.

Furthermore, both DTU and Aarhus University have done research in and produced graduates of cryptology, as some of the few universities in the world.

Cryptology is an important subject within cyber security as it concerns protecting information and data from hackers.

“We are among the world’s leading in cryptology because we teach and conduct research in it. In the same way, we can become the world’s leading in cyber security, if that is where the universities put their focus,” says professor of cryptology Lars Ramkilde Knudsen.

The director of the Centre for Cyber Security, Thomas Lund-Sørensen, also believes that it is important to focus on research and teaching in order to withstand future threats.

“Every year we see attacks that are more advanced than the year before. Consequently, we need to be at the forefront of a growing threat with good, solid research. Not just within the technical aspect of how to withstand cyber attacks, but also in terms of training in how to deal with public service tasks in a digital world,” he says, and explains how this will create growth for the Danish society in the long term:

“You can compare it to the 70s and 80s, where we started using green energy and heat and power stations. This proved to be a great niche for Denmark, and I think we can create a similar success with cyber security.”

Cyber security theme

 Photo: Shutterstock  

 

Spin-out makes data immune

 Photo: Shutterstock  

 

The best defence is a flexible organization

 Photo: Shutterstock  

 

New method to boost efficiency of quantum cryptography

 Photo: Colourbox  

 

New hacker lab aims to improve security on the internet

News and filters

Get updated on news that match your filter.